Journal of Medical Systems

, Volume 31, Issue 2, pp 103–107 | Cite as

Security and Access of Health Research Data

  • Willy Susilo
  • Khin Than WinEmail author
Original Paper


The objective of this study is to discover how to maximise the use of health research data without breaching the patient’s confidentiality. To achieve this, we have examined available options identified in enhancing information security of health research data. It has been noted that there are gaps in information security for health research data. Our novel approach, searching through encrypted data is discussed in this paper.


Information security Privacy Confidentiality Research data De-identification Encrypted data 



  1. 1.
    Abdalla, M., Bellare, M., Catalano, D., Kiltz, E., Kohno, T., Lange, T., Malone-Lee, J., Neven, G., Paillier, P., and Shi, H., Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions, Proceedings of Crypto 2005 (to appear), 2005.Google Scholar
  2. 2.
    Australian Medical Council, Legal, ethical and organisational aspects of the practice of medicine. In: Anthology of Medical Conditions, Marshall, V. C. et al. (ed.), Australian Medical Council Incorporated, 2003.Google Scholar
  3. 3.
    Baek, J., Safavi-Naini, R., and Susilo, W., Public Key Encryption with Keyword Search Revisited., 2005.Google Scholar
  4. 4.
    Baek, J., Safavi-Naini, R., and Susilo, W., On the integration of public key data encryption and public key encryption with keyword search. The 9th Information Security Conference, ISC 2006, Lecture Notes in Computer Science, Springer-Verlag, Berlin, 2006.Google Scholar
  5. 5.
    Behlen, F. M., and Johnson, S. B., Multicenter patient records research: Security policies and tools. J. Am. Med. Inform. Assoc. 6(6):435-443, 1999.Google Scholar
  6. 6.
    Boneh, D., Crescenzo, G. D., Ostrovsky, R., and Persiano, G., Searchable Public Key Encryption., 2003.Google Scholar
  7. 7.
    Boneh, D., and Fraklin, M., Identity-based encryption from the Weil pairing. Proceedings of Crypto 2001, Springer-Verlag, pp. 213–229, 2001.Google Scholar
  8. 8.
    Carney, P.A., Geller, B. M., Moffett, H., Ganger, M., Sewell, M., Barlow, W. E., Stalnaker, N., Taplin, S. H., Sisk, C., Ernster, V., Wilkie, H. A., Yankaskas, B., Poplack, S.P., Urban, N., West, M. M., Rosenberg, R. D., Michael, S., Mercurio, T. D., and Ballard-Barbash, R., Current medicolegal and confidentiality issues in large, multicenter research programs. Am. J. Epidemiol. 152(4):371–378, 2000.Google Scholar
  9. 9.
    Dreiseitl, S., Vinterbo, S., and Ohno-Machado, L., Disambiguation data: Extracting information from anonymized sources. J. Am. Med. Inform. Assoc. 9(6):110–114, 2002.CrossRefGoogle Scholar
  10. 10.
    Dudeck, J., Informed consent for cancer registration. Lancet Oncol. 2:8-9, 2001.CrossRefGoogle Scholar
  11. 11.
    Evans, B., and Ramay, C. N., Integrity of communicable disease surveillance is important patient care. Brit. Med. J. 322:858, 2001.CrossRefGoogle Scholar
  12. 12.
    Gritzalis, D., and Lambrinoudakis, C., A security architecture for interconnecting health information systems. Int. J. Med. Inform. 73:305-309, 2004.Google Scholar
  13. 13.
    Health Records and Information Privacy Act 2002, New South Wales.Google Scholar
  14. 14.
    Ingelfinger, J. R., and Drazen, J. M., Registry research and medical privacy. New Engl. J. Med. 350(14):1452, 2004.CrossRefGoogle Scholar
  15. 15.
    Lowrance, W., Learning from experience: privacy and the secondary use of data in health research. J. Health Serv. Res. Policy 8(supp 1):S1:2–7, 2003.Google Scholar
  16. 16.
    Muralidhar, K., and Sarathy, R., Can you have your cake and eat it too? Sharing healthcare data without compromising privacy and confidentiality. In: Proceedings of the 11th Americas Conference on Information Systems. Omaha, NE, 2005.Google Scholar
  17. 17.
    Ohno-Machado, L., Silveira, P. S. P., and Vinterbo, S., Protecting patient privacy by quantifiable control of disclosures in disseminated databases. Int. J Med. Inform. 73:599–606, 2004.CrossRefGoogle Scholar
  18. 18.
    Quantin, C., Allaert, F.-A., and Dusserre, L., Anonymous statistical methods versus cryptographic methods in epidemiology. Int. J. Med. Inform. 60:177–183, 2000.CrossRefGoogle Scholar
  19. 19.
    Roberts, L., and Wilson, S., Argument for consent may invalidate research and stigmatize some patients. Brit. Med. J. 322:858(1 page), 2001.Google Scholar
  20. 20.
    Song, D. X., Wagner, D., and Perrig, A., Practical techniques for searches on encrypted data. IEEE Symposium on Security and Privacy, pp. 44–55, 2000.Google Scholar
  21. 21.
    Willison, D. J., Keshavjee, K., Nair, K., Goldsmith, C., and Holbrook, A. M., Patients’ consent preferences for research uses of information in electronic medical records: Interview and survey data. BMJ 326:373-376, 2003.CrossRefGoogle Scholar
  22. 22.
    Win, K. T., Information security of electronic health record systems. Health Inform. Manage. J. 34(1), 13–18, 2005.Google Scholar

Copyright information

© Springer Science+Business Media, Inc. 2007

Authors and Affiliations

  1. 1.Faculty of InformaticsUniversity of WollongongWollongongAustralia

Personalised recommendations